Lucene search
K

413 matches found

BDU FSTEC
BDU FSTEC
added 2022/06/03 12:0 a.m.7 views

The vulnerability of the ffmpeg software for video surveillance management systems, ZoneMinder, exists due to an incorrect path name limitation for the restricted access directory. This allows attackers to execute arbitrary code.

The vulnerability of the ffmpeg software used by ZoneMinder involves incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the host with the software running...

9.1CVSS6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/05/18 12:0 a.m.9 views

The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, arises due to an incorrect restriction on the path to the restricted access catalog. This allows a malicious user to execute arbitrary code.

The vulnerability of the Citrix XenMobile Server, a system for managing corporate mobile devices, exists due to an incorrect restriction on the path name to the restricted directory. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

8.8CVSS8AI score0.0265EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/05/17 12:0 a.m.7 views

The vulnerability of the UnRAR decompression tool lies in the incorrect limitation of the path name for the restricted access directory, allowing a hacker to re-record any files.

The vulnerability of the UnRAR decompression tool is related to incorrect restrictions on the path name of the restricted directory. Exploiting this vulnerability allows a malicious actor to re-record arbitrary files using a specially created archive...

5CVSS7.7AI score0.98975EPSS
Exploits12References14Affected Software5
OSV
OSV
added 2022/05/14 1:10 a.m.16 views

GHSA-6H58-C7R7-G2HW UberFire Framework Improperly Restricts Paths

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...

6.8CVSS7.2AI score0.03101EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/05/14 1:10 a.m.22 views

UberFire Framework Improperly Restricts Paths

The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to 1 execute arbitrary code by uploading crafted content to FileUploadServlet or 2 read arbitrary files via vectors involving FileDownloadServlet...

6.8CVSS7.8AI score0.03101EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2022/05/13 1:1 a.m.6 views

GHSA-5P59-V5WM-77V4 Improper Limitation of a Pathname to a Restricted Directory in Jenkins

Jenkins before 2.107 and Jenkins LTS before 2.89.4 did not properly prevent specifying relative paths that escape a base directory for URLs accessing plugin resource files. This allowed users with Overall/Read permission to download files from the Jenkins master they should not have access to. On...

6.5CVSS6.8AI score0.0388EPSS
Exploits0References8
Github Security Blog
Github Security Blog
added 2022/04/22 8:55 p.m.42 views

Denial of Service in http-swagger

Impact Allows an attacker to perform a DOS attack consisting of memory exhaustion on the host system. Patches Yes. Please upgrade to v1.2.6. Workarounds A workaround is to restrict the path prefix to the "GET" method. As shown below func main r := mux.NewRouter...

7.8CVSS0.5AI score0.02402EPSS
Exploits0References7Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.10 views

The vulnerability of the Cisco IOx software platform arises from an incorrect limitation on the path name to the restricted access directory. This allows a perpetrator to execute arbitrary code or carry out cross-site scripting attacks.

The vulnerability of the Cisco IOx software platform exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability allows a malicious actor to execute arbitrary code or perform XSS attacks remotely...

6.8CVSS6AI score0.01232EPSS
Exploits0References3Affected Software3
BDU FSTEC
BDU FSTEC
added 2022/04/21 12:0 a.m.12 views

The vulnerability of the command interface of Cisco IP Phone microprogramming software arises due to an incorrect restriction on the path to the restricted access directory. This allows a malicious individual to read any file in the device’s file system.

The vulnerability of the command interface of Cisco IP Phone microprogramming software exists due to an incorrect restriction on the path name to the restricted access directory. Exploiting this vulnerability could allow a attacker to read any file in the device’s file system...

5.5CVSS5.9AI score0.00258EPSS
Exploits0References2
NVD
NVD
added 2022/04/14 10:15 p.m.38 views

CVE-2022-24854

Metabase is an open source business intelligence and analytics application. SQLite has an FDW-like feature called ATTACH DATABASE, which allows connecting multiple SQLite databases via the initial connection. If the attacker has SQL permissions to at least one SQLite database, then it can attach...

8.8CVSS0.01012EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.3 views

PT-2022-3875 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue allows an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications...

9CVSS6.9AI score0.01414EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.4 views

PT-2022-2849 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: Multiple vulnerabilities in the Cisco IOx application hosting environment on multiple Cisco platforms could allow an attacker to inject arbitrary commands into the underlying host operati...

6.8CVSS5.5AI score0.01232EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.4 views

PT-2022-2300 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of a directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execute...

7.2CVSS6.4AI score0.00607EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.6 views

PT-2022-2299 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of the directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execut...

6.8CVSS5.3AI score0.01232EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2022/04/13 12:0 a.m.5 views

PT-2022-2301 · Cisco · Cisco Iox +1

Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue allows an attacker to inject arbitrary commands into the underlying host operating system, execute arbitrary code on the underlying host operating system, install applications...

9CVSS6.8AI score0.02325EPSS
Exploits1References8
BDU FSTEC
BDU FSTEC
added 2022/04/08 12:0 a.m.10 views

The vulnerability of Adobe Illustrator’s graphic editor lies in the incorrect limitation of the path name to the restricted access catalog, allowing attackers to execute arbitrary code.

The vulnerability of Adobe Illustrator’s graphic editor is related to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

9.3CVSS7.8AI score0.0388EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/03/28 12:0 a.m.7 views

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications lies in the incorrect restriction on the path name to the restricted catalog, allowing a hacker to read arbitrary files.

The vulnerability of the PTC Axeda platform for creating and deploying corporate-level applications is related to an incorrect limitation on the path name used to access the restricted catalog. Exploiting this vulnerability could allow a malicious actor to read arbitrary files by sending a...

7.8CVSS7.6AI score0.02377EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/03/23 12:0 a.m.4 views

PT-2022-4185 · Unknown +1 · Passwork On-Premise Edition +1

Name of the Vulnerable Software and Affected Versions: Passwork On-Premise Edition versions prior to 4.6.13 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. This allows a remote attacker to upload arbitrary files to the system. The...

10CVSS8.5AI score0.01443EPSS
Exploits0References6
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.11 views

The vulnerability of the Magento Commerce software development and management platform lies in the incorrect limitation of the path to the restricted catalog. This allows attackers to execute arbitrary code.

The vulnerability of the Magento Commerce development and management software platform relates to incorrect restrictions on the path to the restricted catalog. Exploiting this vulnerability allows a malicious actor to execute arbitrary code in the context of the current user...

9CVSS7.8AI score0.03116EPSS
Exploits0References4Affected Software2
OSV
OSV
added 2022/02/11 6:15 p.m.5 views

CVE-2021-22804

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that could cause disclosure of arbitrary files being read in the context of the user running IGSS, due to missing validation of user supplied data in network messages. Affected Product: Interactive Graphica...

7.5CVSS5.9AI score0.01294EPSS
Exploits0References1
Rows per page
Query Builder